Question about scanner USB drives


Bimlanders
12-28-2008, 11:55 PM
I want to run a scan of my HD contents stored on a USB backup drive on a friend's computer. My PC Tools isn't taking care of the problem, so I thought it would be a good idea to run a scan from another computer with different software.

Here's my question: would attaching the USB drive to another computer run any risk of infecting said computer? I don't plan on opening, executing or copying any of the files to this other computer, but only to run a scan on it and see if it successfully deletes my infections.

I don't want to try this if there's any chance of infections being spread this way. It will be my *** if anything goes wrong. ;)

Bimlanders
12-28-2008, 11:56 PM
I cannot edit the title, but it should read "scanning" not "scanner."

Bimlanders
12-29-2008, 12:20 AM
Rather than post a bunch of different threads, I'll just add this here. I'm still scanning my own system with various scanners. After a few scans of showing vundo and fakealert (they are usuals), now they show 100% free from infections for two scans in a row. Then I ran superspywarescanner, a freeware scanner, and it also came up clean. I suddenly got excited and hopeful. Then I ran malwarebytes and it found three vundos.

I choose to remove them and I got a successful removal message about them. So I immediately ran two more scans with the same program and they show three vundos every time, and successful deletion every time. My friend told me to use vundoremover but every scan I've used with that comes up with no detections. Could vundo ever be a false positive? It seems that trojan fake_alert is what causes the most chaos, popping up the fake antivirus 2009 nonsense on almost every web page I browse. However, for the time being, there are no pop-ups. But they have a habit of coming back when I restart.

Computers are an adventure. It's like solving a puzzle every time I go on. What fun!

haapy
12-29-2008, 01:32 AM
What you may want to do is turn off System Restore, run a file cleaner like CCleaner, make sure your D&S\"User"\Local Settings\temp has no folders and re-run your scans.

Don't forget to turn on System Restore when done.

The reason for this is that often malware hides in System Restore points.

Bimlanders
12-29-2008, 04:30 AM
I did all that, and just like in my above post, my scans are coming up clean now on spywaredoctor and on superantispyware. However, spywaredoc logs one ignored infection, and I'm not sure why.

The kick in the pants is that malwarebytes still finds three vundos. I know that I'm still infected because I still got one pop-up while opening folders, and this is a new one. I get a firefox page pop-up that states that I'm (hilariously) out of hard drive space (funny, given that I have 50 gigs free, stupid, stupid arseholes that program malware...)

Well, since my last reboot, I haven't had any pop-ups. But the night is still young. By the way, anyone care to answer the question from my original post? Thanks.

haapy
12-29-2008, 04:45 AM
The SD ignored infection is probably a cookie.

The following is from Wikipedia:
There are two main components to the Virtumonde.dll file. These are Browser Helper Objects and Class ID. Each of which are in the Windows Registry under Local Machine and the file names are dynamic. It attaches to the system using bogus Browser Helper Objects and DLL files attached to Winlogon and Explorer.exe. According to Spybot - Search & Destroy scans, there are two Virtumonde.prx files and one Virtumode.dll file located in the Windows Registry as well as the system32 directory.

The following is a link to further help
http://www.exterminate-it.com/malpedia/remove-vundo-virtumondo

Have you used HijackThis? The following is some info for you:
http://www.pctools.com/forum/showthread.php?t=55651&highlight=hijackthis

Keep us posted.

haapy
12-29-2008, 04:52 AM
As long as you do not open/execute/copy any files on the USB drive you are not susceptible to infection.

Reodor
12-29-2008, 12:56 PM
> As long as you do not open/execute/copy any files on the USB drive you are not susceptible to infection.

To be sure:
See to it that 'Auto run' is disabled!

ohso
12-29-2008, 08:53 PM
bim:
> spywaredoc logs one ignored infection, and I'm not sure why.

haapy:
> The SD ignored infection is probably a cookie.

Well, ... that's an assumption.
For his computer, we -- and he -- don't really know.
What I _do_ know is that on our computers it's not cookies.
What I don't know is what the 19-26 "ignored infections" really are.

AdAware shows you what they are.
That's not really difficult since, by definition, they already
know it. It's just a matter of whether or not they care enough
about the customer to display it. AdAware does. PCT does not.

achen:
The last time I asked there was no response.
Will the "ignored infections" be displayed?
I need to know so I can do some planning
for when our subscriptions expire next month.
Thanks.

Bimlanders
12-29-2008, 10:17 PM
> To be sure:
> See to it that 'Auto run' is disabled!

I see that when I hook up my USB drive, "autoplay" pops up. How do I disable this? I'm not that lazy. I just spent a good 20 mins farting around my control panel and didn't see it. - Thanks.

As for any updates, I'm still reading the links that haapy gave me. The first link that tells me to delete files from the registry has me a bit uneasy. Can't I screw up Windows that way? Even if I have a back up, which I do, I'm not even sure how to access that backup if I cannot load Windows anymore. Will simply deleting the infected keys screw me over because they replaced a vital Windows process, or will I be fine?

The tutorial for HijackThis begins with a dire warning that you must be a Windows/PC expert to use it properly. That doesn't bode well for me. :)

P.S.: Spyware Doc is picking up the Virtumonde infections again. I knew they were still there, but anyways...

Bimlanders
12-30-2008, 12:06 AM
Hmmm. Some musings - The Exterminate This site says that in order to remove virtumondo, I have to delete all of the reg keys, files, etc, to get rid of it. I ran the free trial scan and it found 68 objects infected. Why does Spyware Doc say that I only have around 6 to 20 infections? I was close to purchasing Exterminate This to see if it would work, but as it's a one time purchase and chances are that it won't remove the trojans, then it would be a waste without being able to get a refund if it doesn't work. Has anyone used the registered version of Exterminate This before and have any opinions about it? Do I have better, cheaper options for additional protection?

haapy
12-30-2008, 01:24 AM
> I see that when I hook up my USB drive, "autoplay" pops up. How do I disable this? I'm not that lazy. I just spent a good 20 mins farting around my control panel and didn't see it. - Thanks.

> As for any updates, I'm still reading the links that haapy gave me. The first link that tells me to delete files from the registry has me a bit uneasy. Can't I screw up Windows that way? Even if I have a back up, which I do, I'm not even sure how to access that backup if I cannot load Windows anymore. Will simply deleting the infected keys screw me over because they replaced a vital Windows process, or will I be fine?

> The tutorial for HijackThis begins with a dire warning that you must be a Windows/PC expert to use it properly. That doesn't bode well for me. :)

> P.S.: Spyware Doc is picking up the Virtumonde infections again. I knew they were still there, but anyways...

The way to set up Autoplay is to click My Computer, right click the USB drive, click Autoplay and scroll down for each option and choose Do Nothing.

Before you mess with the registry, create a restore point. Then if you mess up, you can go back in time. You are into very technical procedures and if you are uncomfortable, then pass on this suggestion, same for HijackThis. I am out of answers for you at this point.

Ohso has valid points

haapy
12-30-2008, 01:27 AM
> Hmmm. Some musings - The Exterminate This site says that in order to remove virtumondo, I have to delete all of the reg keys, files, etc, to get rid of it. I ran the free trial scan and it found 68 objects infected. Why does Spyware Doc say that I only have around 6 to 20 infections? I was close to purchasing Exterminate This to see if it would work, but as it's a one time purchase and chances are that it won't remove the trojans, then it would be a waste without being able to get a refund if it doesn't work. Has anyone used the registered version of Exterminate This before and have any opinions about it? Do I have better, cheaper options for additional protection?

I do not advocate purchasing Exterminate This. Its reference was for the manual fixes. But please reference my prior post. If unsure of what you are doing, do not do it.

Bimlanders
12-30-2008, 01:41 AM
If I were smart enough to know how to use HijackThis, then I probably wouldn't have so many viruses to begin with. ;)

To clarify, I'm really just looking for some answers to fairly simple questions. For instance, if I screw up something on the regedit, will Windows suddenly stop being operational because I deleted the line that contained the infections? Is this knowable by you or anyone else? Because that's really the skinny of my question. Also, if my computer became screwed up, how do I access my restore point?

I think I'm done asking now.

haapy
12-30-2008, 01:58 AM
> If I were smart enough to know how to use HijackThis, then I probably wouldn't have so many viruses to begin with. ;)

> To clarify, I'm really just looking for some answers to fairly simple questions. For instance, if I screw up something on the regedit, will Windows suddenly stop being operational because I deleted the line that contained the infections? Is this knowable by you or anyone else? Because that's really the skinny of my question. Also, if my computer became screwed up, how do I access my restore point?

> I think I'm done asking now.

Not necessarily true about smarts. So much easier to prevent the buggers than remove them.

USUALLY, from reputable sites, the recommendations for regedit removals will not mess up your PC.

If you go to Start, Programs, Accessories, System Tools (I think, trying to remember original place, I moved mine), you should find System Restore.

Here is the actual program location
windows\system32\restore\rstrui.exe

With this utility, you can create a restore point or restore to a prior restore point.

Note: Do not use this willy-nilly. If you restore to a prior restore point, many updates that you made to programs from that point in time to today will have to be repeated (i.e. Windows Updates, SD updates, etc.). In some cases, you may have to uninstall/reinstall a program if it does not perform correctly. This tool should be used only as required to get a system back operational.

Unfortunately, with some of the malware, one has to go deep in the system to remove them if the normal products and scans do not.

Reodor
12-30-2008, 02:17 AM
Bimlanders:
As a general rule: If You do not know what You are doing, don't do it!
Messing with regedit might send You far out in BSOD land without return ticket.
If infected, or suspected infected:
Clean out the comp with CCleaner or similar. (Takes out all rubbish, cookies etc)
Re-boot to safe mode and run a FULL system scan including archives, clean, and run another scan!
Boot up normal and scan again.
If still infected with Vundo, try VundoFix, Malwarebytes, or Superantispyware.
Remember to follow instructions to the dot, NO shortcuts!
When comp is clean, uninstall ALL security software and download fresh set-up files. Suggest You use Revo for un-install as that one seems to get rid of the most. Just be sure You have all license keys written down, or copy them to a note-pad on desktop for easy access later.
Choose one AV and one Anti-malware as running security. SD/AV or PCTIS both work, nothing else as running.

Bimlanders
12-30-2008, 07:35 AM
> Bimlanders:
> As a general rule: If You do not know what You are doing, don't do it!
> Messing with regedit might send You far out in BSOD land without return ticket.
> If infected, or suspected infected:
> Clean out the comp with CCleaner or similar. (Takes out all rubbish, cookies etc)
> Re-boot to safe mode and run a FULL system scan including archives, clean, and run another scan!
> Boot up normal and scan again.
> If still infected with Vundo, try VundoFix, Malwarebytes, or Superantispyware.
> Remember to follow instructions to the dot, NO shortcuts!
> When comp is clean, uninstall ALL security software and download fresh set-up files. Suggest You use Revo for un-install as that one seems to get rid of the most. Just be sure You have all license keys written down, or copy them to a note-pad on desktop for easy access later.
> Choose one AV and one Anti-malware as running security. SD/AV or PCTIS both work, nothing else as running.

I have been using CCleaner daily for a week or so now. I've experimented running so many scans in safe mode, with multiple tools, over and over again and it's always the same result, with slight variation at times, but still infected with Vundo crap. I have Vundofix; it never finds anything at all. I have Malwarebytes and Superantispyware. They can't delete Vundo either.

Anyways, thanks for all the help in this thread. I still have a couple of options. I am still waiting for a Malware detective ticket # response in PM, so hopefully I get that and things start rolling there. My only other option is to learn a lot more about computers in a very short span of time. Either way, I'm flying my white flag for the time being. I've had it.

Reodor
12-30-2008, 08:15 AM
If none of the other mentioned finds Vundo, I would suspect a false positive (FP). Had that trouble some time ago.
May I suggest You simply un-install all scanners and anti programs, clean, download a fresh setup file of SD and do a new scan.

Bimlanders
12-30-2008, 04:14 PM
You misunderstood slightly. They all find Vundo except for Vundofix. Still waiting for Malware detective, guys. Is the staff on vacation?

Reodor
12-31-2008, 01:53 AM
While You are waiting, spend some time and learn some more.
Have You located the files and folders where it is detected?
Does it always re-appear in the same files and folders?
My guess is that the 'source' is hidden somewhere in a download.
Any idea what You downloaded at the time it appeared?

sciencewis1
12-31-2008, 08:53 PM
It may be possible to have your USB drive infected even though you do not execute, copy, or move any files simply because that is the nature of a virus. It attempts to spread itself as fast and as far as it can. I know this sounds a tad frightening, but the fact of the matter is that is the world we live in and with these new smarter viruses they usually hide themselves as hidden files on the flash drive, believe it!
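The two concrete things this thread turns on are whether AutoRun is really off for removable drives (Reodor's "see to it that 'Auto run' is disabled", haapy's per-drive Autoplay setting) and what a plugged-in drive could make Explorer launch without the user opening anything (the post just above). The script below is an added example, not code from the thread, from PC Tools or from any product named here. It decodes the Windows `NoDriveTypeAutoRun` policy value (a REG_DWORD under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer`, also honoured under HKCU; each set bit disables AutoRun for one drive type, so 0xFF disables it everywhere) and triages an `autorun.inf` for the directives that execute something. The function names and the sample `autorun.inf` are constructed for this example; the policy bit meanings are standard Windows drive-type values.

```python
"""Defender-side checks for the AutoRun questions in this thread:
1. Does a NoDriveTypeAutoRun value actually cover removable drives?
2. What would an autorun.inf on an attached drive make Explorer launch?

Added example; not code from the thread or from PC Tools. The sample
autorun.inf at the bottom is constructed for illustration.
"""
import os
import tempfile
from typing import Dict, List

# Bit meanings of the NoDriveTypeAutoRun REG_DWORD. A set bit disables
# AutoRun for that drive type; 0xFF disables it for every type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable (USB stick, floppy)",
    0x08: "fixed (local hard disk)",
    0x10: "network",
    0x20: "CD/DVD",
    0x40: "RAM disk",
    0x80: "reserved / unrecognised",
}

# [autorun] keys that execute something, as opposed to icon/label/action,
# which only change how the drive is displayed.
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_disabled_for(policy_value: int) -> List[str]:
    """Drive types for which this NoDriveTypeAutoRun value disables AutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if policy_value & bit]


def removable_autorun_blocked(policy_value: int) -> bool:
    """True when the policy value covers removable drives (bit 0x04)."""
    return bool(policy_value & 0x04)


def parse_ini(text: str) -> Dict[str, Dict[str, str]]:
    """Tolerant INI parser: section and key names are lower-cased so
    '[AutoRun]' and '[autorun]' match; ';' lines are comments; lines
    without '=' are ignored rather than raising."""
    sections: Dict[str, Dict[str, str]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def autorun_launch_targets(text: str) -> Dict[str, str]:
    """Commands an autorun.inf would run, keyed by the directive naming them:
    open=, shellexecute=, or shell\\<verb>\\command= (context-menu verbs)."""
    section = parse_ini(text).get("autorun", {})
    return {
        key: value
        for key, value in section.items()
        if key in LAUNCH_KEYS
        or (key.startswith("shell\\") and key.endswith("\\command"))
    }


def audit_drive_root(root: str) -> Dict[str, object]:
    """Find an autorun.inf (any letter case) in the top level of a mounted
    volume and report what it would launch, without executing anything."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                targets = autorun_launch_targets(fh.read())
            return {"autorun_inf": name, "launches": targets, "risky": bool(targets)}
    return {"autorun_inf": None, "launches": {}, "risky": False}


# Constructed sample resembling the autorun.inf a worm leaves on a stick.
SAMPLE_AUTORUN_INF = """[AutoRun]
; constructed sample for this example
open=setup.exe
icon=setup.exe,0
label=Holiday Photos
action=Open folder to view files
shell\\open\\command=setup.exe
"""


def audit_sample_drive() -> Dict[str, object]:
    """Write the constructed sample into a temporary 'drive root' and audit it."""
    with tempfile.TemporaryDirectory() as fake_drive:
        with open(os.path.join(fake_drive, "Autorun.inf"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_AUTORUN_INF)
        return audit_drive_root(fake_drive)


if __name__ == "__main__":
    for value in (0x95, 0xFF):  # 0x95 was a common XP default; 0xFF is the hardened value
        print(f"NoDriveTypeAutoRun=0x{value:02X} disables AutoRun on: "
              + ", ".join(autorun_disabled_for(value)))
    print(audit_sample_drive())
```

On the registry side the practical check is `removable_autorun_blocked(value)`: a value that omits bit 0x04 leaves USB sticks able to auto-launch even if CD-ROM AutoRun is off, which is why 0xFF is the usual recommendation. Older Windows XP installs only honour the value fully once Microsoft's AutoRun update is applied, so the Autoplay dialog haapy describes can still appear on a machine whose policy looks correct. Nothing in the audit opens or runs the referenced executable; it only reports the directives so the drive can be cleaned or scanned from a machine with AutoRun disabled.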

Reodor
01-01-2009, 02:17 AM
I fully agree, and once again for the N'th time in the last couple of years:
PC Tools: when are we going to get an Auto-Scan whenever a flash-drive/stick is attached to the comp???? In my experience Flash drives/sticks spread more malware than the internet!
It is time to switch focus from 'Internet Security' to 'Computer Security'!

ohso
01-01-2009, 10:45 PM
> and once again for the N'th time in the last couple of years PC Tools:
> when are we going to get an Auto-Scan whenever a flash-drive/stick is attached to the comp?

That and much more. There are continued posts asking about the "ignored infections". Every new customer, after their first scan, looks at "x ignored infections" and asks "What are they? Where are they?" And there's absolutely nothing on the developer's to-do list that is simpler or easier than displaying that information since, by definition, they already have it! It's just a matter of putting it up on the screen. How incompetent can they be?

The 32 bit beta version was made available on 10/28/08, more than two months ago. Betas shouldn't be distributed to non-company employees if they are _more than_ two months away from general release. That's not a beta, it's an alpha. And alphas shouldn't be distributed outside the company.

Then there's the 64 bit beta.

And there was the disastrous version 5.

> In my experience Flash drives/sticks spread more malware than the internet!

It's a _huge_ problem. And their competition already addresses it. Like they also do with the "ignored infections". How incompetent can they be?

It's clear that the developers -- those that didn't walk after the Symantec take-over -- don't know what to do or how to do it. And they don't have effective supervision to direct them, or these problems wouldn't continue over such long periods.

PCT is just doomed.
Which was probably Symantec's intention with their monopolistic, product killing take-over.